Methods for secure enrollment and backup of personal identity credentials into electronic devices

ABSTRACT

A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.14/445,853, filed Jul. 29, 2014, now issued as U.S. Pat. No. 9,270,464,which is a continuation of U.S. patent application Ser. No. 13/849,985,filed on Mar. 25, 2013, entitled, “Methods for Secure Enrollment andBackup of Personal Identity Credentials Into Electronic Devices,” nowissued as U.S. Pat. No. 8,826,031, which is a continuation of U.S.patent application Ser. No. 13/210,022, filed on Aug. 15, 2011,entitled, “Methods For Secure Enrollment And Backup Of Personal IdentityCredentials Into Electronic Devices,” now issued as U.S. Pat. No.8,407,480, which is a continuation of U.S. patent application Ser. No.12/560,254, filed on Sep. 15, 2009, entitled “Methods For SecureEnrollment And Backup Of Personal Identity Credentials Into ElectronicDevices,” now issued as U.S. Pat. No. 8,001,372, which is a continuationof U.S. patent application Ser. No. 10/635,762, filed on Aug. 6, 2003,entitled “Methods For Secure Enrollment And Backup Of Personal IdentityCredentials Into Electronic Devices,” now issued as U.S. Pat. No.7,590,861, which claims priority under 35 U.S.C. §119(e) to provisionalpatent application Ser. No. 60/401,399 filed on Aug. 6, 2002 entitled,“A Secure Enrollment Process for a Biometric Personal IdentificationDevice,” each of which is hereby incorporated by reference in itsentirety.

This application is related to U.S. patent application Ser. No.12/190,058, entitled “Methods for Secure Enrollment Of Personal IdentityCredentials Into Electronic Devices,” now U.S. Pat. No. 8,127,143, andU.S. patent application Ser. No. 12/190,061, entitled “Methods forSecure Backup of Personal Identity Credentials for Electronic Devices,”now U.S. Pat. No. 7,788,501, and U.S. patent application Ser. No.12/190,064, entitled “Methods for secure Restoration of PersonalIdentity Credentials Into Electronic Devices,” now U.S. Pat. No.8,055,906, each filed on Aug. 12, 2008, and each of which isincorporated herein by reference in its entirety.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates generally to the field of information security,and more particularly to an enrollment process for devices capable ofstoring and releasing personal identity credentials based onauthentication of a human fingerprint.

2. Necessity of the Invention

Devices and applications that use biometric authentication areincreasing in popularity and frequency of use in applications whereinformation security and privacy is critical. The success rates ofdevices that use biometrics as a form of authorization are dependent onthe accuracy of the process by which information is associated with thebiometric; for example, it must not be possible for John Doe tointercept Jane Doe's enrollment process and enroll Jane Doe'scredentials into a device with his fingerprint. A generalized enrollmentprocess includes capturing a biometric sample, ensuring the legitimacyof the sample and the individual providing the sample, storing thebiometric sample in the appropriate location in the device, and enablingaccess rights to the enrolled individual. If this enrollment process isperformed incorrectly or ineffectively then the process of biometricauthentication and the implicit guarantee of enhanced security areeasily defeated.

A variety of portable electronic devices with biometric authenticationare available to consumers. These include Hewlett Packard's iPAQ PocketPC h5450, 3M-AiT's VeriMe, Privaris' BPID™ Security Device, and Sony'sFIU-900 Puppy®. Each device is capable of storing fingerprints andperforming on-board matching. Several of these products are configurableto allow use of cryptographic keys after proof of biometricidentification. As discussed in the following section, ownership ofcryptographic keys is typically used as a form of remote identificationwhen individuals are communicating digitally. It is imperative, then,that the fingerprint is definitively linked to an individual, so thatthe cryptographic keys cannot be misused.

Furthermore, because the enrollment process must necessarily bestringent, and likely time-consuming, it is desirable to have a simplemethod of archiving and restoring enrolled credentials and fingerprints.Clearly the method must be inherently secure, because the entireenrollment process could be overridden by a compromise of the backupprocess.

DESCRIPTION OF THE RELATED ART

Public Key Infrastructure

The public key infrastructure (PKI) and digital certificates are verycommon and, when used correctly, can be used to guarantee a‘cryptographic identity’ of an individual. The most common form of thePKI uses the RSA algorithm, which is now freely available to the public.

To use the PKI, an individual—Alice—applies for a digital certificatefrom a trusted authority. After a substantive background investigatoryprocess, the trusted authority decides that Alice is who she claims tobe and decides to issue a digital certificate. The certificate includesa public key, one half of an asymmetric key pair, which is assigned onlyto Alice. She retains the other half of the key pair, the private key.Due to the fundamental principles of public key cryptography, anythingencrypted by the Alice's private key can only be decrypted using herpublic key, and vice versa. Alice is free to distribute the digitalcertificate and the public key to whomever she wishes.

When another individual, Bob, wishes to send a message to Alice, heencrypts it with her public key. Alice receives the encrypted messageand uses her private key to decrypt it. Because Alice is the uniqueowner of her public key, Bob knows that she possesses the unique andaccompanying private key. Additionally, Bob sees that a trustedauthority, which he knows performs substantive background checks, issuedthe digital certificate issued to Alice. He is assured that the onlyperson who can read the message is truly Alice. This assures one-waysecurity.

However, Alice cannot be sure that Bob sent her the message, because herpublic key is freely accessible. To combat this problem, Bob alsorequests and receives a digital certificate from a trusted authority.Bob writes his message and then creates a digital signature for themessage. He first creates a hash of the message; this process creates afixed-length string that is unique to the message but cannot be used todeduce the message. He then encrypts this hash using his private key andappends the encrypted hash to his message. The message and encryptedhash are now encrypted with Alice's public key, and transmitted to her.

Alice first decrypts the message with her private key. She can now readthe message, as described above. However, she also has the encryptedhash, which she can use to verify that Bob sent the message. She usesBob's public key to decrypt the digital signature and obtain the hash.Alice then hashes the received message herself, using the same hashalgorithm as Bob. If she obtains the same hash value as the onetransmitted by Bob, she is assured that the message has not changed, andthat he did actually send the message.

Enrollment Processes

3M-AiT's VeriMe stores a biometric template and a cryptographic privatekey for one user. When the user wishes to use the cryptographic privatekey, he or she must supply the correct biometric template. According tothe VeriMe fact sheet, the private key is generated at the time of“secure registration” of the fingerprint. However, the fact sheet doesnot describe the secure registration or what it entails; it also doesnot discuss a secure backup and recovery process.

Biometric Associates (BAI) produces a fingerprint sensor that can beembedded into a smartcard. The smartcard can then be used to performlocal biometric authentication, like the devices described above.According to BAI's website, the cards can enroll up to eight users withthe use of a BAI Enrollment Station. The Enrollment Station providesexternal equipment necessary to instruct the smartcard to startenrolling fingerprints and personal credentials. However, the publishedinformation does not describe a secure cryptographic process foraccomplishing this. It also does not describe secure backup and recoveryprocesses.

BRIEF SUMMARY OF THE INVENTION

The invention disclosed herein describes processes for securelyenrolling personal identity credentials into devices with means forpersonal identification. For example, a handheld computer with abiometric sensor may use enrolled fingerprints to identify a user whenhe requests access to stored information. The enrollment of thefingerprint must tie the user definitively to the fingerprint so thatfuture authorizations are valid.

The invention described herein provides a process for enrollment whereina manufacturer of a personal identification device records serialnumbers or another unique identifier for each device that it produces,along with a self-generated public key for each device. An enrollmentauthority is recognized by the manufacturer or another suitableinstitution as capable of validating an individual before enrolling himinto the device-maintains and operates the appropriate equipment forenrollment, and provides its approval of the enrollment.

The methods described herein are directed to post-manufacturingprocesses for the device, as well as the enrollment itself.Additionally, the invention describes methods for securely archivingenrolled personal identity credentials. This is to allow users torestore previously validated credentials into a new device withoutrequiring a completely new enrollment. Correspondingly, the inventiondescribes the restoration process, in which the stored credentials aresecurely downloaded into the new device.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1: Post-manufacturing process

101 Provide manufacturer's public key to device

102 Generate key pair for device

103 Provide device' public key and unique ID to manufacturer

104 Create digital certificate for device

105 Provide digital certificate to device

106 Store device' public key and unique ID

107 Disable device

FIG. 2: Enrollment

201 Request permission from enrollment authority to enroll credentialsinto device

202 Validate the request

203 Present device' digital certificate

204 Verify that device is true owner of the certificate

205 Present enrollment authority's digital certificate

206 Verify that enrollment authority is true owner of the certificate

207 Create a session key

208 Complete enrollment, encrypting with the session key

FIG. 3: Backup

301 Create symmetric biometric encryption and decryption key

302 Encrypt the biometric with the symmetric biometric encryption anddecryption key

303 Divide the symmetric biometric encryption and decryption key intotwo parts

304 Encrypt first part with a passphrase

305 Digitally sign second part with primary device' private key

306 Encrypt digital signature and second part of symmetric biometricencryption and decryption key with the controller's public key

307 Create symmetric personal identity credential encryption anddecryption key

308 Digitally sign personal identity credential with primary device'private key

309 Encrypt credential with symmetric personal identity credentialencryption and decryption key

310 Divide symmetric personal identity credential encryption anddecryption key

311 Encrypt first part of symmetric personal identity credentialencryption and decryption key with passphrase

312 Digitally sign second part of symmetric personal identity credentialencryption and decryption key with primary device' private key

313 Encrypt digital signature and second part of symmetric personalidentity credential encryption and decryption key with controller'spublic key

314 Store the encrypted biometric, encrypted credentials, and encryptedsymmetric biometric encryption and decryption key and symmetric personalidentity credential encryption and decryption key in an electronicstorage repository

315 Provide user with a digital certificate containing the primarydevice' public key

FIG. 4: Restoration

401 Access the electronic storage repository

402 Obtain both parts of the symmetric biometric encryption anddecryption key

403 Decrypt the first part with a passphrase

404 Decrypt the second part and the digital signature with thecontroller's private key

405 Verify the digital signature using the primary device' public key

406 Combine both parts of the symmetric biometric encryption anddecryption key

407 Decrypt the biometric

408 Store the biometric in the secondary device

409 Obtain both parts of the symmetric personal identity credentialencryption and decryption key

410 Decrypt the first part with a passphrase

411 Decrypt the second part and the digital signature with thecontroller's private key

412 Verify the digital signature using the primary device' public key

413 Combine both parts of the symmetric personal identity credentialencryption and decryption key

414 Decrypt the personal identity credential and the associated digitalsignature

415 Verify the digital signature using the primary device' public key

416 Store the personal identity credential in the secondary device

FIG. 1 is a flow chart illustrating the post-manufacturing process for apersonal identification device.

FIG. 2 is a flow chart illustrating the process for enrolling personalidentity credentials into the personal identification device.

FIG. 3 is a flow chart illustrating the backup process for securelystoring personal identity credentials for future restoration.

FIG. 4 is a flow chart illustrating the restoration process.

DETAILED DESCRIPTION

The following detailed description is of the best presently contemplatedmodes of carrying out the invention. This description is not to be takenin a limiting sense, but is made merely for the purpose of illustratinggeneral principles of embodiments of the invention.

The invention disclosed herein provides a process for securely enrollingindividuals into devices with means for personal identification via useof biometric authentication (hereafter referred to as ‘personalidentification devices’). Because these devices are intended for use astrusted authentication devices, it is imperative that all of theinformation stored within the device be placed there in such a mannerthat it cannot be altered without proper authorization. There are twoparticipants in the enrollment process, the manufacturer of the personalidentification device and an enrollment authority.

The enrollment process includes identifying the devicepost-manufacturing and enrolling personal identity credentials and anassociated biometric into the personal identification device.Furthermore, the invention also discloses methods for creating securebackup and recovery processes, such that an individual may securelystore the enrolled information in an electronic storage repository, suchas a hard drive. If his personal identification device fails he can usethe recovery process to transfer the stored, enrolled information to anew device.

The two participants in the enrollment process must be definitely andseparately identified for proper enrollment. The first participant inthe enrollment system is the manufacturer of the personal identificationdevice. The manufacturer is responsible for maintaining a database ofunique identifiers, such as serial numbers, for all of the devices thatit produces. This enables it later to determine if it manufactured aparticular device. The second party is an enrollment authority, which isresponsible for investigating, authorizing and performing individuals'requests for enrollment into a personal identification device. Thisparticipant may be a Department of Motor Vehicles, a building securityofficer, or any other person or organization responsible for issuingpersonal identification devices.

Initial Enrollment

This enrollment system uses the PKI described above. Each manufacturerand enrollment authority is provided with at least one asymmetric keypair that can be used for identification and encryption. The key pairsmay be self generated, but the public key for each must be placed in adigital certificate signed by a trusted authority. Additionally, themanufacturer may wish to sign digital certificates owned by theenrollment authority as means for guaranteeing its approval of theenrollment authority.

FIG. 1 demonstrates the post-manufacturing process that begins theenrollment process for a personal identification device. Immediatelyfollowing manufacturing, each personal identification device receives apublic key possessed by its manufacturer (step 101). In the preferredembodiment this key is received as part of a digital certificate. Thepersonal identification device can use this public key to verify thedigital signature on messages transmitted from the manufacturer andaccept them as legitimate instructions. This step requires that themanufacturing process be secure and tamper-resistant; receiving a keyother than a trusted manufacturer's would directly compromise futuresecurity verifications.

The personal identification device now generates an asymmetric key pairfor itself (step 102). The public key and the device's unique identifierare sent to the manufacturer (step 103). The manufacturer, or otherlegitimate certificate authority, generates a digital certificate forthe device (step 104). This is now sent back to the device, and can besigned by the manufacturer as a token of its legitimacy (step 105). Themanufacturer keeps a record of the device's public key and its uniqueidentifier for future reference (step 106). At this point allfunctionality within the personal identification device is disabled,such that it is in a state waiting for future enrollment (step 107).

As seen in FIG. 2, upon receipt of a personal identification device, anindividual requests enrollment rights from an enrollment authority (step201). This may require that the individual be physically present in aspecified location, or may be performed remotely. The enrollmentauthority may establish all rules pertaining to the applicantverification process. The security and authenticity of the personalidentification device is only as good as that of the verificationprocess, so it is anticipated that these processes will be as stringentas required by the end application.

After approving the applicant, the enrollment authority receives thepersonal identification device's digital certificate (steps 202 and203). The enrollment authority validates the digital certificate byprompting the device to encrypt a predetermined string with its privatekey (step 204). The enrollment authority now decrypts the encryptedstring using the public key stored in the device' digital certificate,and verifies that the decrypted string matches the predetermined string.At this point the personal identification device will receive and verifythe validity of the enrollment authority's digital certificate (steps206 and 206). It performs the same prompt and verification processdescribed above, and can also verify the manufacturer's signature on thecertificate if one exists. After confirming the legitimacy of theenrollment authority, the personal identification device creates asession key and securely releases it to the enrollment authority (step207). The personal identification device and the enrollment authoritycan now communicate freely using the session key (step 208). Thebiometric may be downloaded into the personal identification devicealong with the personal identity credentials, or may alternatively besensed locally using the device and stored locally. The enrollmentprocess, at this stage, is application-dependent and requires theestablishment of requisite credentials, etc., which are not coveredwithin the scope of this invention.

Restoration Processes

It may be necessary in some cases to provide a backup of at least oneenrolled personal identity credential and biometric. The backup may beused in the event that the personal identification device fails, suchthat the individual may re-enroll a new personal identification devicewithout undergoing the entire process described above; these devices arereferred to as the ‘primary personal identification device’ and the‘secondary personal identification device,’ respectively.

Backup

There are two distinct parts of the restoration process. The first partdescribes a method for archiving the enrolled personal identitycredential, which allows an enrolled individual to securely store hispersonal identity credential and biometric to a user-accessible computerdisk or other electronic storage repository. This data is onlyaccessible with permission from a device manufacturer, an enrollmentauthority, or a recovery authority, as specified by the implementer ofthe system. In the primary embodiment, this system controller will bethe manufacturer of the primary personal identification device. Thesecond part of the restoration process describes a method for restoringthe stored data to the secondary personal identification device.

As seen in FIG. 3, the primary personal identification device generatesa symmetric biometric encryption and decryption key (step 301). This keyis used for encrypting a digital representation of the enrolledbiometric (step 302), which can be used to unlock the archived personalidentity credential(s). After encryption of the biometric, the symmetricbiometric encryption and decryption key is divided into two unique anddistinct parts (step 303); the scheme of separation may be selected atthe discretion of the system implementer. The first part of thesymmetric biometric encryption and decryption key is encrypted with auser-selected passphrase (step 304). The second part of the symmetricbiometric encryption and decryption key is signed by a private keypossessed by the primary personal identification device (step 305), andis then encrypted with a public key owned by the system controller (step306). As described above, in this embodiment the system controller isthe primary personal identification device manufacturer. Using themanufacturer's public key forces an individual to request restorationprivileges from the manufacturer during restoration, because theindividual needs the manufacturer to decrypt the data with its privatekey. This is discussed in further detail below.

The primary personal identification device then generates a symmetricpersonal identity credential encryption and decryption key (step 307),which is used for encrypting at least one enrolled personal identitycredential. The primary personal identification device first digitallysigns the personal identity credential, using a private key (step 308),and then encrypts the personal identity credential and associateddigital signature (step 309). Similarly to the scheme described above,the symmetric personal identity credential encryption and decryption keyis divided (step 310) into two unique and distinct parts. The first partis encrypted with a user-selected passphrase (step 311), which may ormay not be the same passphrase as used above. The second part is againsigned by the device' private, key (step 312) and encrypted with themanufacturer's public key (step 313).

All of the encrypted and/or signed data—the biometric, the symmetricbiometric encryption and decryption key, the personal identitycredential, and the symmetric personal identity credential encryptionand decryption key—are now stored in an electronic storage repository(step 314). In typical embodiments the electronic storage repositorycould be a computer hard drive, floppy disk, or network drive. Theprimary personal identification device releases its digital certificateto the individual for future use of its public key (step 315).

Restoration

As seen in FIG. 4, when an individual receives a secondary personalidentification device, and wishes to restore data from a primarypersonal identification device, he must access the electronic storagerepository (step 401). The individual must first acquire the twoencrypted and/or signed parts of the symmetric biometric encryption anddecryption key (step 402). The secondary personal identification devicedecrypts the first part of the symmetric biometric encryption anddecryption key with the user's passphrase (step 403). It then requeststhe system controller, the manufacturer of the primary personalidentification device, to decrypt the second part of the symmetricbiometric encryption and decryption key and the associated digitalsignature using its (the manufacturer's) private key (step 404). Oncethe data has been decrypted, the secondary personal identificationdevice verifies the digital signature using a public key possessed bythe primary personal identification device (step 405). The two parts ofthe symmetric biometric encryption and decryption key are now combinedappropriately (step 406), and can be used to decrypt the biometric (step407). The biometric is now stored in an appropriate location within thesecondary personal identification device (step 408).

The individual now obtains the two encrypted and/or signed parts of thesymmetric personal identity credential encryption and decryption key(step 409). Similarly to the process described above, the secondarypersonal identification device decrypts the first part of the symmetricpersonal identity credential encryption and decryption key using auser-selected passphrase (step 410). It now requests the systemcontroller, the manufacturer of the primary personal identificationdevice, to decrypt the second part of the symmetric personal identitycredential encryption and decryption key and the accompanying digitalsignature using its private key (step 411). Again, the secondarypersonal identification device verifies the digital signature using apublic key possessed by the primary personal identification device (step412). The two parts of the key are reconstructed to form one key (step413). The key is now used to decrypt the personal identity credentialand the associated digital signature (step 414), and the signature isverified using a public key owned by the primary personal identificationdevice (step 415). The decrypted personal identity credential can now bestored appropriately within the secondary personal identification device(step 416).

While the description above refers to particular embodiments of thepresent invention, it will be understood that many modifications may bemade without departing from the spirit thereof. The accompanying claimsare intended to cover such modifications as would fall within the truescope and spirit of the present invention.

We claim:
 1. A non-transitory machine readable medium storing executableinstructions which when executed by a data processing system cause thedata processing system to perform a method, comprising: receiving at apersonal identification device a public key before biometric dataassociated with enrollment is received; sending an identifier from thepersonal identification device to a party based on the public key beforebiometric data associated with enrollment is received, the identifierbeing uniquely associated with the personal identification device;receiving at the personal identification device a digital certificatefrom the party based on the identifier before biometric data associatedwith enrollment is received; and disabling at least a portion offunctionality within the personal identification device while thepersonal identification device is in a wait state associated with futureenrollment.
 2. The medium of claim 1, further comprising sending thepublic key from the personal identification device to the party afterthe receiving the public key.
 3. The medium of claim 1, wherein thereceiving the digital certificate from the party is based on the publickey and the identifier.
 4. The medium of claim 1, wherein the identifieris associated with an asymmetric key pair including a personalidentification device public key and a personal identification deviceprivate key.
 5. The medium of claim 1, the method further comprisingproducing the identifier at the personal identification device.
 6. Themedium of claim 1, the method further comprising receiving at thepersonal identification device the identifier from the party.
 7. Themedium of claim 1, wherein the digital certificate includes the publickey.
 8. The medium of claim 1, wherein the party is a manufacturer ofthe personal identification device and separate from an enrollment partyauthorized to enable enrollment of the biometric data at the personalidentification device.
 9. The medium of claim 1, wherein the party is afirst party, the personal identification device being configured toenroll the biometric data from a second party different from the firstparty after the receiving at the personal identification device thedigital certificate.
 10. The medium of claim 1, wherein the digitalcertificate includes data associated with the personal identificationdevice.
 11. A non-transitory machine readable medium storing executableinstructions which when executed by a data processing system cause thedata processing system to perform a method, comprising: sending a publickey to a personal identification device; receiving an identifier fromthe personal identification device, the identifier being uniquelyassociated with the personal identification device; producing a digitalcertificate based on the identifier and before enrollment of biometricdata; and sending the digital certificate to the personal identificationdevice such that at least a portion of functionality of the personalidentification device is disabled except that the personalidentification device is configured to send the digital certificate toan enrollment party during future enrollment.
 12. The medium of claim11, wherein the producing of the digital certificate is based, at leastin part, on the public key.
 13. The medium of claim 11, wherein thereceiving and the producing is performed by a first party, the methodfurther comprising: receiving at the first party a digital certificateuniquely associated with a second party different from the first party;adding a public key of the first party to the digital certificateassociated with the second party; and sending the digital certificateassociated with the second party from the first party to the secondparty.
 14. The medium of claim 11, wherein the digital certificateincludes the public key.
 15. The medium of claim 11, the method furthercomprising producing at the party an asymmetric key pair uniquelyassociated with the party.
 16. The medium of claim 11, wherein thepublic key is associated with a manufacturer of the personalidentification device and separate from the enrollment party authorizedto enable enrollment of the biometric data at the personalidentification device.
 17. The medium of claim 11, wherein the personalidentification device is configured to enroll biometric data from theenrollment party after the sending the digital certificate.
 18. Themedium of claim 11, wherein the producing the digital certificate isbased on data associated with the personal identification device.
 19. Anon-transitory machine readable medium storing executable instructionswhich when executed by a data processing system cause the dataprocessing system to perform a method, comprising: receiving anencryption identifier at a personal identification device from a partyduring pre-enrollment; receiving a digital signature at the personalidentification device from the party during pre-enrollment; theencryption identifier and the digital signature collectively configuredto enable verification of the party by the personal identificationdevice; and disabling at least a portion of functionality within thepersonal identification device while waiting for future enrollment. 20.The medium of claim 19, wherein: the encryption identifier is a publickey; and the receiving the digital signature including receiving adigital certificate including the digital signature.